SHA256: 7f362fff9badd2e8c2ba41d60c401e14a2ec2070f06c343048bc94c9e803d0e9
File name: vti-rescan
Detection ratio: 30 / 55
Analysis date: 2016-03-17 14:43:10 UTC ( 3 years, 1 month ago )
Antivirus Result Update
Ad-Aware Trojan.Agent.BRUM 20160317
AegisLab Troj.W32.Waldek!c 20160317
AhnLab-V3 Trojan/Win32.Filecoder 20160317
Arcabit Trojan.Agent.BRUM 20160317
Avira (no cloud) TR/FileCoder.436783 20160317
AVware Trojan.Win32.Generic!BT 20160317
Baidu Win32.Trojan.WisdomEyes.151026.9950.9985 20160317
BitDefender Trojan.GenericKD.3104039 20160317
Bkav HW32.Packed.260A 20160317
Cyren W32/Trojan.DYMI-4274 20160317
Emsisoft Trojan.Win32.Dridex (A) 20160317
ESET-NOD32 Win32/Dridex.AA 20160317
F-Secure Trojan.Agent.BRUM 20160317
GData Trojan.GenericKD.3104039 20160317
Ikarus Trojan.Win32.Dridex 20160317
Kaspersky Trojan.Win32.Waldek.gsy 20160317
Malwarebytes Trojan.MalPack 20160317
McAfee Artemis!7DCC0E6710C1 20160317
McAfee-GW-Edition BehavesLike.Win32.AAEH.dh 20160317
eScan Trojan.GenericKD.3104039 20160317
nProtect Trojan.Agent.BRUM 20160317
Panda Trj/CI.A 20160316
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20160317
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160317
Sophos AV Troj/Dridex-QY 20160317
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik 20160317
Symantec Trojan.Cridex 20160317
TrendMicro TROJ_FRESMIT.A 20160317
TrendMicro-HouseCall TROJ_FRESMIT.A 20160317
VIPRE Trojan.Win32.Generic!BT 20160317
Yandex 20160316
Alibaba 20160317
ALYac 20160317
Antiy-AVL 20160317
Avast 20160317
AVG 20160317
Baidu-International 20160317
ByteHero 20160317
CAT-QuickHeal 20160317
CMC 20160316
Comodo 20160317
DrWeb 20160317
F-Prot 20160317
Fortinet 20160317
Jiangmin 20160317
K7AntiVirus 20160317
K7GW 20160317
Microsoft 20160316
NANO-Antivirus 20160317
Tencent 20160317
TheHacker 20160315
VBA32 20160317
ViRobot 20160317
Zillya 20160316
Zoner 20160317
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-06 18:03:46
Entry Point 0x000214BC
Number of sections 4
PE sections
PE imports
RemoveRelocations
UnDecorateSymbolName
SymGetModuleBase
SymEnumerateModules
GetBinaryTypeW
GetLogicalDriveStringsW
LocalUnlock
GetModuleHandleA
GlobalDeleteAtom
VarDecFromUI1
VarI4FromR8
VarR4FromI1
VarUI4FromDate
VarFormat
VarDateFromBool
VarBoolFromI4
VarCyFromUI1
VarBstrFromI2
SafeArrayGetLBound
VarIdiv
CreateTypeLib2
LoadRegTypeLib
OaBuildVersion
VarBstrFromCy
VarR4FromUI4
VarMod
VarDateFromUdate
VarUI4FromStr
VarNot
VarR4FromR8
VarUI4FromR4
VarBstrFromR8
RasDeleteEntryW
RasGetEntryPropertiesA
RasGetConnectStatusW
RasEnumEntriesW
RasEditPhonebookEntryA
RasGetProjectionInfoW
RasValidateEntryNameW
RasGetErrorStringA
RasGetCountryInfoW
RasSetEntryPropertiesW
RasSetEntryDialParamsW
RasEditPhonebookEntryW
RasCreatePhonebookEntryW
RasRenameEntryA
RasEnumEntriesA
waveOutReset
GetDriverModuleHandle
midiStreamProperty
midiOutGetNumDevs
midiInClose
waveInAddBuffer
midiInOpen
midiOutGetVolume
mciGetCreatorTask
waveInClose
PlaySoundA
mciGetErrorStringA
joyReleaseCapture
midiStreamStop
mmioGetInfo
waveOutGetErrorTextA
sndPlaySoundA
mixerClose
waveInGetDevCapsW
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 4
RT_DIALOG 3
RT_ACCELERATOR 3
RT_MENU 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
KYRGYZ DEFAULT 17
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 8.0
ImageVersion: 0.0
FileVersionNumber: 0.158.33.110
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 200704
EntryPoint: 0x214bc
OriginalFileName: Briefer.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2017
FileVersion: 26, 230, 98, 182
TimeStamp: 2008:06:06 19:03:46+01:00
FileType: Win32 EXE
PEType: PE32
InternalName: Deprecated
ProductVersion: 68, 75, 251, 38
FileDescription: Escalator
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
CompanyName: Netegrity, Inc.
CodeSize: 135168
FileSubtype: 0
ProductVersionNumber: 0.56.97.69
FileTypeExtension: exe
ObjectFileType: Executable application

File identification
MD5 7dcc0e6710c1393c08b66694e71090e9
SHA1 455817a04f9d0a7094038d006518c85be3892c99
SHA256 7f362fff9badd2e8c2ba41d60c401e14a2ec2070f06c343048bc94c9e803d0e9
ssdeep 6144:O0SJPMif+4Npr+QlTi0iqwDk+8h/QfEjyuOdyB2Fyu5+D:OD5MoNNprXlTviqwIa0P2Fyu
authentihash 31fa0a4c891271d89e5a44618f048303a296a3aef919ea69de950c829e433f08
imphash 4766dd55127483dcd3cbfdc34bc81bb4
File size 224.0 KB ( 229376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.4%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe

VirusTotal metadata
First submission 2016-03-16 10:36:29 UTC ( 3 years, 1 month ago )
Last submission 2016-12-17 04:08:34 UTC ( 2 years, 4 months ago )
File names crypted120med.exe
crypted120med.exe
dsfjfjvsd.exe
dontate.exe
7DCC0E6710C1393C08B66694E71090E9.F60FD573
crypted120med.exe
7dcc0e6710c1393c08b66694e71090e9.455817a04f9d0a7094038d006518c85be3892c99.primary_analysis_subject
crypted120med.exe
crypted120med.exe
crypted120med.exe
(7f362fff9badd2e8c2ba41d60c401e14a2ec2070f06c343048bc94c9e803d0e9) - donate.php.exe
crypted120med.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Terminated processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections
UDP communications